After updating a Citrix License server from 11.6.1 to 11.10 the Citrix Licensing Service crashed immediately after startup.

In the Event Log the following error was shown:

I suspected that there was a corrupt licensing file in the MyFiles folder (Default C:\Program Files\Citrix\Licensing\MyFiles).

Read the rest of this entry »

I wanted to call a hash function from a .net executable from my code. My first step was to inspect the executable with Reflector.

The Hash function was in a namespace called Core:

Notice that the Core namespace is marked as internal so it was not meant to be callable outside of the executable. It’s still possible to call it using Reflection:

Read the rest of this entry »

After joining a new Windows 2008 R2 Server to the domain I could not login to the domain.

I would get the following error message:

Additionally the following error was logged in the Eventlog:

Read the rest of this entry »

I had to troubleshoot an application that was published with Citrix XenApp. The problem with this application was that it didn’t have an button/icon in the taskbar and the window would sometimes disappear.

I noticed that this (cr)application was written in Visual Basic, so I decided to run it through a decompilation tool.

The decompiler was able to list the forms used in the Application:

Read the rest of this entry »

I am using a PowerShell script to copy some elements of from the users old profile location to a new location. This includes the Nethood ("My Network Places") folder which contains the Network Places shortcuts.

A user reported that she could not save documents to Network Places anymore and after inspection the Network Places shortcuts were broken.

I started comparing the old Nethood folder to the new and observed the following difference in Explorer:

When copying entries from the Nethood folder with Explorer manually they worked fine, so somehow Explorer gives the Nethood folder special treatment.

Read the rest of this entry »

Today I was asked to troubleshoot an executable that didn’t work correctly on Windows XP Embedded.

On startup it displayed the following message:

I verified that System.Configuration.dll was present (in C:\Windows\Microsoft.NET\Framework\v2.0.50727).

Read the rest of this entry »

I was just browsing through the Options tab in Excel 2010 when I noticed the following setting:

This feature was introduced in Excel 2007.
In the default settings, multi-threaded calculation is Enabled with "Use all processors on this computer".

On a physical desktop this would be the preferred setting since it will make formula calculation as fast as possible.

Read the rest of this entry »

This morning Arjan Beijer sent me an interesting link to a youtube video about obtaining the Citrix IMA Datastore password using Windbg.

The video shows a method, discovered by Denis Gundarev to obtain the IMA Datastore password. Basically he uses DSMaint.exe and set’s a breakpoint on the call to CryptUnprotectData and then reads the password from memory.

I tried to call the CryptUnprotectData API with the data read from the registry directly but this failed with error NTE_BAD_KEY_STATE, this is defined in winerror.h and it means “Key not valid for use in specified state”.

Read the rest of this entry »

Just a small post today: a small commandline utility that reads the “DefaultPassword” LSA secret.

This secret is stored in the registry under the SECURITY Hive:

Read the rest of this entry »

After figuring out how to encode and decode the Citrix passwords my next step for the upcoming Citrix Launcher is experiment with config.xml and authenticating to the Citrix Web Interface.

I imported the NFuse.dtd from the Citrix Web Interface into Delphi with the XML Data Binding Wizard. The results in an NFuse Unit so I can easily create the XML data.

To create an authentication packet I use the following code:

Read the rest of this entry »